Hello Chris,
I followed the steps from page 18 from the NH Admin Guide.
- Emptied netapp-harvest/cert/
- Created new CERT-files : # openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout 10yr.key -out 10yr.pem
- In the CERT-dir:
ls -l
total 12
-rw-r--r--. 1 root root 916 Sep 28 11:17 10yr.key
-rw-r--r--. 1 root root 1078 Sep 28 11:17 10yr.pem
-rw-r--r--. 1 root root 184 Nov 10 2016 README.txt
- Entered ALL the info (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) from 10yr.pem
::> security certificate install -type client-ca -vserver <clustername>
Answer: You should keep a copy of the CA-signed digital certificate for future reference.
- Enabling:
::> security ssl modify -client-enabled true -vserver <clustername>
- Creating (new) user:
::> security login create -user-or-group-name netapp-harvest-2 -application ontapi -role netapp-harvest-role -authmethod cert
Modify config-file:
# vi netapp-harvest.conf
username = netapp-harvest-2
auth_type = ssl_cert
ssl_cert = 10yr.pem
ssl_key = 10yr.key
Resulting in log-file:
[2017-09-28 11:26:39] [NORMAL ] WORKER STARTED [Version: 1.3] [Conf: netapp-harvest.conf] [Poller: <cluster>]
[2017-09-28 11:26:39] [NORMAL ] [main] Poller will monitor a [FILER] at [<cluster>:443]
[2017-09-28 11:26:39] [NORMAL ] [main] Poller will use [ssl_cert] authentication with ssl_cert [10yr.pem] and ssl_key [10yr.key]
[2017-09-28 11:26:39] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: Authorization failed
[2017-09-28 11:26:39] [WARNING] [main] system-info update failed; will try again in 10 seconds.
Here comes my question.
How does netapp-harvest connect to the cluster?
I've configured in conf-file:
username = netapp-harvest-2
And created at the cluster the user "netapp-harvest-2"
But I thought it would NOT use username (& password)
Or should I still create a user WITH password like:
security login create -user-or-group-name netapp-harvest-2 -application ontapi -role netapp-harvest-role -authmethod password
This is NOT clear to me.
I've made a process-trace (strace) of it. But that's not useful to add to this community.
Hope you can help me solve "Authorization failed".
Kind Regards, Maarten de Boer
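
A preflight check for the ssl_cert setup described in the post above, as an added example that is not part of the original post or of NetApp Harvest. It assumes ONTAP maps a client certificate to a login by the certificate's Common Name, uses 2048 bits as the minimum acceptable RSA size, and all function names are hypothetical.

```shell
#!/bin/sh
# Preflight for ssl_cert authentication (added example; function names are hypothetical).
# Assumption: ONTAP maps a client certificate to a login by its Common Name (CN).

# Subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# RSA public key size in bits, as reported by openssl.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds when the private key belongs to the certificate.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Group/other permission characters of a file, e.g. "------" or "r--r--".
other_perms() {
    ls -ld "$1" | cut -c5-10
}

# preflight USER CERT KEY: prints one line per finding, returns 1 if any.
preflight() {
    user=$1 cert=$2 key=$3 rc=0
    cn=$(cert_cn "$cert")
    [ "$cn" = "$user" ] ||
        { echo "CN '$cn' differs from username '$user'"; rc=1; }
    bits=$(cert_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "public key is ${bits:-unknown} bits, below 2048"; rc=1; }
    key_matches "$cert" "$key" ||
        { echo "private key does not belong to certificate"; rc=1; }
    [ "$(other_perms "$key")" = "------" ] ||
        { echo "private key is accessible to group/other"; rc=1; }
    return $rc
}

# Run as: sh preflight.sh netapp-harvest-2 10yr.pem 10yr.key
if [ $# -eq 3 ]; then preflight "$@"; fi
```

The username argument is the `username` value from netapp-harvest.conf, and the two file arguments are the `ssl_cert` and `ssl_key` files in the cert directory.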